I recently modified /etc/resolv.conf on all of my global zones after building new nameservers. I wanted a quick way to copy this updated configuration to all child zones. A simple one-liner does the trick on each global zone (assuming all your zones are in the /var/zones zonepath):
|
1 |
# zoneadm list | grep -v global | while read zone; do cp -p /etc/resolv.conf /var/zones/${zone}/root/etc; done |
After installing Compaq TCP/IP on my OpenVMS 7.3 SIMH image, TCP/IP was not starting when the node was rebooted.
To resolve this, I performed the following steps. First, ensure you have assumed your privileged identity (or just log in as SYSTEM):
|
1 |
$ SET PROCESS/PRIVILEGES=ALL |
Next, edit SYS$COMMON:[SYSMGR]SYSTARTUP_VMS.COM:
|
1 |
$ EDIT SYS$COMMON:[SYSMGR]SYSTARTUP_VMS.COM |
Find the following line, and uncomment it (by removing the leading $! comment sequence):
|
1 |
$!$ @SYS$STARTUP:TCPIP$STARTUP.COM |
Save and exit the editor (with Control-Z). Now, you can either reboot the node
|
1 |
$ REBOOT |
or just start the services manually for now:
|
1 |
$ @SYS$STARTUP:TCPIP$STARTUP |
It’s worth noting that the following command will shut down TCP/IP:
|
1 |
$ @SYS$STARTUP:TCPIP$SHUTDOWN |
It’s also worth noting that individual services can be restarted using the following format, just substitute TELNET for the service you wish to act upon:
|
1 2 |
$ @SYS$STARTUP:TCPIP$TELNET_SHUTDOWN.COM $ @SYS$STARTUP:TCPIP$TELNET_STARTUP.COM |
When grabbing files with wget, it is useful to sometimes not traverse parent directories. For example, say I want to download everything under http://www.example.com/my/home recursively, but not traverse upwards into parent directories. You can add the –no-parent option for this.
|
1 |
$ wget -r --no-parent http://www.example.com/my/home |
Whilst analysing some issues with multicast on a pair of Solaris boxes, I wanted to filter out some unwanted multicast addresses when viewing my snoop traces.
However, by default, snoop will resolve IPs, and ALL multicast IPs in the 228.x.x.x range (which I’m using) resolve to “reserved-multicast-range-not-delegated.example.com”.
|
1 |
# dig -x multi.cast.ip.here |
So … how to “play back” the snoop output without name resolution? Just use the -r option. I also added -ta to get readable timestamps.
|
1 |
# snoop -ta -ri ./input_file.snoop |
I could then pipe this through grep -v and see only the information I cared about.
Another OpenSSL related tip.
/etc/shadow file (for example, during post-install procedures such as sysidcfg), you can use the openssl passwd command:|
1 2 3 4 |
$ openssl passwd Password: Verifying - Password: HaShEdPaSsCoMeSoUt |
This doesn’t cover the basics of configuring httpd, etc. You should know how to do that! Also, this is being done on an old RHEL 4 box.
If you’re having trouble with selinux blocking CGI in weird and wonderful ways, disable it:
|
1 2 |
setsebool -P httpd_disable_trans 1 getsebool -a | grep httpd_disable_trans |
Anyway … modify /etc/httpd/conf/httpd.conf and add a <Directory> directive for the directory that you wish to protect, e.g. :
|
1 2 3 4 5 6 7 8 9 |
# sed -n '275,+7 p' /etc/httpd/conf/httpd.conf <Directory /> Options FollowSymLinks AllowOverride None AuthName "Restricted area!" AuthType Basic AuthUserFile /usr/local/etc/httpd/users require valid-user </Directory> |
It will protect all subdirectories under the directory too. You can obviously just specify a specific directory if you want, but I want to password protect the entire website.
Create a directory for your htpasswd file - do not put this under your DocumentRoot - somewhere under the ServerRoot is good, but I put it in /usr/local/etc/httpd:
|
1 2 3 |
# mkdir -p /usr/local/etc/httpd # chown apache:apache /usr/local/etc/httpd # chmod 700 /usr/local/etc/httpd |
Then create the htpasswd file and add your first user
|
1 |
# htpasswd -c /usr/local/etc/httpd/users jsmith |
|
1 |
It will then prompt for password. |
I always chown apache:apache /usr/local/etc/httpd/users and then chmod 400 /usr/local/etc/httpd/users.
The -c is not required when adding further users to the users file
|
1 |
htpasswd /usr/local/etc/httpd/users newuser |
Then, just restart httpd (only needed as we changed the httpd.conf file - you don’t need to restart httpd after just adding/deleting users with htpasswd), and browse!
|
1 |
apachectl restart |
(or service httpd restart, /etc/init.d/httpd stop && /etc/init.d/httpd start, whatever….)
Done !
By default, the PURGE method is denied with squid, therefore, you cannot use squidclient to purge the cache for a particular page.
The solution to this requires a change in your squid.conf file to allow the PURGE method from localhost.
At my site, squid is installed at /usr/local/squid and the server listens on ports 80 and 8080 instead of the default 3128. You can see what ports squid is listening on with the following:
|
1 2 3 |
# grep "^http_port" /usr/local/squid/etc/squid.conf http_port proxy_ip_addr:80 http_port proxy_ip_addr:8080 |
First, we need to add a couple of acl‘s to the configuration file, one for localhost (if you haven’t defined it already), and one for the PURGE method itself.
|
1 2 3 4 |
# vi /usr/local/squid/etc/squid.conf # egrep "^(acl PUR|acl local)" /usr/local/squid/etc/squid.conf acl localhost src 127.0.0.1 acl PURGE method PURGE |
Now, we can add our http_access definitions to allow use of the PURGE method when requested by localhost only. Make sure you add both of these entries before your global http_access deny all entry.
|
1 2 3 4 |
# vi /usr/local/squid/etc/squid.conf # grep "^http_access.*PURGE" /usr/local/squid/etc/squid.conf http_access allow PURGE localhost http_access deny PURGE |
Now, we’re ready to ask squid to reload its configuration file.
|
1 |
# /etc/init.d/squid reload |
No errors? Cool. Now we can attempt to PURGE our cache for a particular page …
|
1 |
# /usr/local/squid/bin/squidclient -h proxy_ip_addr -p 80 -m PURGE http://www.somewhere.com/somepage.html |
If the object is in the cache, you should receive a HTTP/1.0 200 OK message. If the object is not in the cache, you’ll be greeted by a HTTP/1.0 404 Not Found message.
Disclaimer: This post was originally posted in 2008 as an article on the now-defunct website zazzybob.com. While the software version and actual commands used may vary, the concepts are still similar and give a general idea of how to approach a given problem.
This article describes the process of replacing the venerable but limited syslog daemon with a versatile, flexible and customisable replacement, syslog-ng. We will be using our syslog-ng enabled host as a central logging server, so we’ll use LVM to create a log volume that can easily be expanded as disks are added to the system.
There is no scadm command for the sun4v architecture on Solaris 10.
Therefore, to reset a forgotten ALOM password, you’ll need to connect the Serial management cable. (For example, I used an Annex terminal concentrator, and then telnet‘ed into the appropriate port on the Annex). Warning: you’ll be erasing your ALOM NVRAM during this procedure, but you have no choice.
Pull both power cables from the back of your (init 5‘d) T2000. Leave them unplugged for 5 seconds, and plug them back in.
Watch as the ALOM initialisation flows past your serial, and when you see the following, hit ESC:
|
1 2 |
Boot Sector FLASH CRC Test Boot Sector FLASH CRC Test, PASSED. |
You’ll know if you’re successful, as you’ll see the ALOM <ESC> Menu:
|
1 2 3 4 5 6 7 |
ALOM <ESC> Menu e - Erase ALOM NVRAM. m - Run POST Menu. R - Reset ALOM. r - Return to bootmon. Your selection: |
First, hit “e” to erase the ALOM NVRAM:
|
1 2 3 4 5 6 7 8 |
ALOM <ESC> Menu e - Erase ALOM NVRAM. m - Run POST Menu. R - Reset ALOM. r - Return to bootmon. Your selection: e ALOM NVRAM erased. |
Then, hit “r” to return to the ALOM boot process:
|
1 2 3 4 5 6 7 |
ALOM <ESC> Menu e - Erase ALOM NVRAM. m - Run POST Menu. R - Reset ALOM. r - Return to bootmon. Your selection: r |
Once the ALOM comes up, you’ll be logged in as admin with no password:
|
1 |
sc> |
Reset the admin password:
|
1 |
sc> userpassword admin |
You’ll need to setup the SC again:
|
1 |
sc> setupsc |
I always add another personal admin user, to save this sort of thing happening:
|
1 2 3 4 |
sc> useradd toki sc> userpassword toki sc> userperm toki cuar sc> usershow |
Check you can access the console, and you’re good:
|
1 2 3 4 |
sc> logout ..login.. sc> poweron sc> console -f |
Some notes I prepared whilst renewing a certificate stored in a Java keystore:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
# make backup cp -p /path/to/keystore.jks /path/to/keystore.jks.`date +%Y%m%d` # check current keystore contents keytool -list -v -keystore /path/to/keystore.jks -storepass <pass> # create a CSR from the cert in the keystore keytool -certreq -v -file myrequest.csr -keystore /path/to/keystore.jks -alias <alias> -storepass <pass> # check contents of csr openssl req -noout -text -in myrequest.csr # send it and get it signed.... # once received.... # verify the certificate you're about to import openssl x509 -noout -text -in /path/to/newcert.pem # ok, import it keytool -import -file /path/to/newcert.pem -alias <alias> \ -trustcacerts -keystore /path/to/keystore.jks -storepass <pass> # check it was all good keytool -list -v -keystore /path/to/keystore.jks -storepass <pass> # may need to restart any Java apps using that keystore |